public interface AuthorizationFactory
Applications may implement the AuthorizationFactory interface for use
with an external authorization mechanism. The external authorization
mechanism for Panther's Requester Servlet requires the implementation
of two Interfaces that are within the com.prolifics.servlet package.
These are AuthorizationFactory and Authorization. Classes of the package,
com.prolifics.servlet.auth0, provide the implementation for these
interfaces for use with Auth0. Source code for these classes is provided
In order to use the AuthorizationFactory interface, the deployment
descriptor, web.xml, should contain the servlet property,
AuthorizationFactory. The full classname of the implementation class
for this interface should be assigned to that property. The Panther
Requester Servlet will attempt to load and instantiate an object for
the implementation class during initialization of the servlet.
The presence of this servlet property, AuthorizationFactory, causes
authorization to be enabled for the Requester Servlet. Otherwise,
authorization is not enabled. Thus, if the property is not set, the
Requester Servlet will assume that all requests are implicitly authorized.
However, this does not preclude the application code running in the
Jserver from processing @cgi_http_authorization when it receives the
request and denying authorization at that point.
The implementation class for AuthorizationFactory must take a single
constructor parameter which is a HashMap. The argument
received by the constructor will be a mapping of servlet properties
to their values, as given in web.xml. This allows custom properties
to be passed to the AuthorizationFactory implementation class.
There is just one method that is required to be implemented for
AuthorizationFactory: getAuthorization(). This method takes a single
String parameter, and returns an instance of a class that implments the
interface, com.prolifics.servlet.Authorization. ProlificsHttpServlet
calls getAuthorization() for each request, passing it the value of the
HTTP Authorization header that was sent with the request. Use of the
factory pattern allows for the implementation to perform caching
Anything may be used in the Authorization header, but for classes
implementing OAuth/OAuth2 security it is typically a bearer token.
getAuthorization() returns an instance of a class that implements the
- Panther 5.52
Returns an Authorization instance compatible with an HTTP
Authorization getAuthorization(java.lang.String authHeader)
- Returns an Authorization instance compatible with an HTTP
authHeader - An HTTP Authorzation header